General
Target: Total Invoice.7z
Size: 746KB
Sample: 240426-hn73gabb5t
MD5: 77b91df35b97b1b508937e5fa451515b
SHA1: 5e97cd85be04b79216c00319ee20cf17dee4dc14
SHA256: 7f10ebe191fcf2f28b9a9a67eaa0c4869d2a8ed62e1ed062e1a67b781fa78c66
SHA512: 15749d4bd6932f0b0806178a59c8cf96573c1d3a81db348a6333b450840be14ec3b19ce8401ab5287a2d2049cea910060e7ae86b2755d9c12c8386ff3493d421
SSDEEP: 12288:w/7Vv9Kr82gz8bGKSPPwlD+13RIi57whWA9HG9e5BKvAB06Zy8b5o5pVrVMpLVS:OJVKYNIlYRR5q7N35BKx6ZNFlS
Static task: static1
Behavioral task: behavioral1
  Sample: Total Invoice.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: Total Invoice.exe
  Resource: win10v2004-20240412-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.unitechautomations.com
  Port: 587
  Username: design@unitechautomations.com
  Password: Unitech@123
  Email To: overseas1@vestalshipping.com.vn
Targets
Target: Total Invoice.exe
Size: 949KB
MD5: a94578e1a694ba09dc9ed5dc7df60fcc
SHA1: 8ea85a39e4e456e79db46abfe00f9be73c8e254e
SHA256: b06ef71a820a829fc010a3bc33b6c630282b94d831e25f972b7173f0783b76c9
SHA512: ab3277ca5e074100cc9323234ee257816261154bcd6da3b00c56a83b0f0923575649ec9c3272e5ac8da6bd4ae08f6757d7cd15147a15963d144b99be92a30565
SSDEEP: 24576:8+17qWKvIj9RR5BGNn5BZj6ZNaJ312Zw471:t5AvIj9VB+j6naJl2iK1
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Adds Run key to start application
Suspicious use of SetThreadContext